Lsass.exe crashes and system shuts down automatically on a Windows Server 2012 R2-based server

Applies to: Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials

Symptoms


A Windows Server 2012 R2-based server restarts unexpectedly, and you may find the following events in Event Viewer:
Event ID 1015:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted

Event ID 1000:
Faulting application name: lsass.exe, version: 6.3.9600.17415, time stamp: 0x545042fe
Faulting module name: kerberos.DLL, version: 6.3.9600.17423, time stamp: 0x545ff681
Exception code: 0xc0000005
Fault offset: 0x00000000000910b7
Faulting process id: 0x448
Faulting application start time: 0x01d029e23a389f2e
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\system32\kerberos.DLL
Report Id: 168aa2f9-95d6-11e4-80ec-a0369f05235a
Faulting package full name:
Faulting package-relative application ID:

Event ID 5000:
The security package Kerberos generated an exception. The exception information is the data.


This issue occurs if you select only the AES256_HMAC_SHA1 or AES128_HMAC_SHA1 check box in the "Network security: Configure encryption types allowed for Kerberos" Group Policy setting.


Note The Group Policy setting is located under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

Resolution


To resolve this issue, install hotfix 2998097. For more information about hotfix 2998097, see the article '"Specified account does not exist" error message when domain users try to change their password in UPN format in a different domain'.

Note Hotfix 2998097 fixes a different issue but also contains the fix for this issue.
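
The following check is an added example, not part of the original article or a Microsoft script. It reports whether a server matches the condition described above: the Kerberos encryption-type policy mask, whether hotfix 2998097 is listed, the installed kerberos.dll version, and any Event ID 1000 crashes of lsass.exe in kerberos.DLL. It assumes the policy is stored in the SupportedEncryptionTypes registry value shown, that Event ID 1000 is written to the Application log, and that "only AES" means no check box other than the two AES ones is selected.

```powershell
# Added example: run in an elevated PowerShell session on the affected server.
# Assumption: the Group Policy setting is stored as this REG_DWORD bit mask.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'

# Bit flags behind the check boxes of "Configure encryption types allowed for Kerberos".
$flags = [ordered]@{
    'DES_CBC_CRC'             = 0x1
    'DES_CBC_MD5'             = 0x2
    'RC4_HMAC_MD5'            = 0x4
    'AES128_HMAC_SHA1'        = 0x8
    'AES256_HMAC_SHA1'        = 0x10
    'Future encryption types' = 0x7FFFFFE0
}

function Get-KerberosEncTypePolicy {
    $p = Get-ItemProperty -Path $key -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }   # policy not configured on this machine
    $mask = [int64]$p.SupportedEncryptionTypes
    [pscustomobject]@{
        Mask     = '0x{0:X}' -f $mask
        Selected = @($flags.Keys | Where-Object { $mask -band $flags[$_] })
        # True when nothing except AES128 (0x8) and/or AES256 (0x10) is selected.
        AesOnly  = ($mask -ne 0) -and (($mask -bor 0x18) -eq 0x18)
    }
}

$policy = Get-KerberosEncTypePolicy

# A missing entry is not proof the fix is absent: a later update may contain it.
$hotfix = Get-HotFix -Id 'KB2998097' -ErrorAction SilentlyContinue

# Compare with the faulting module version reported in Event ID 1000.
$dll = (Get-Item "$env:SystemRoot\System32\kerberos.dll").VersionInfo.ProductVersion

# Application-crash events where lsass.exe faulted inside kerberos.DLL.
$crashes = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'lsass\.exe' -and $_.Message -match 'kerberos\.dll' })

[pscustomobject]@{
    PolicyMask           = if ($policy) { $policy.Mask } else { 'not configured' }
    SelectedTypes        = if ($policy) { $policy.Selected -join ', ' } else { '' }
    AesOnlyPolicy        = [bool]($policy -and $policy.AesOnly)
    Hotfix2998097Listed  = [bool]$hotfix
    KerberosDllVersion   = $dll
    LsassKerberosCrashes = $crashes.Count
}
```

A server that shows AesOnlyPolicy as True together with a nonzero LsassKerberosCrashes count matches the symptoms and cause described in this article.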

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
